[meta-oe,whinlatter] nodejs: mark CVE-2026-21710 patched

Message ID	20260426115052.4006506-1-skandigraun@gmail.com
State	New
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.128.53, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH] nodejs: mark CVE-2026-21710 patched Date: Sun, 26 Apr 2026 13:50:52 +0200 Message-ID: <20260426115052.4006506-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe,whinlatter] nodejs: mark CVE-2026-21710 patched \| expand [meta-oe,whinlatter] nodejs: mark CVE-2026-21710 patched

Message ID

20260426115052.4006506-1-skandigraun@gmail.com

State

New

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH] nodejs: mark CVE-2026-21710 patched
Date: Sun, 26 Apr 2026 13:50:52 +0200
Message-ID: <20260426115052.4006506-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe,whinlatter] nodejs: mark CVE-2026-21710 patched | expand

Commit Message

Gyorgy Sarvari April 26, 2026, 11:50 a.m. UTC

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-21710

The CVE is fixed in the current recipe version[1], but NVD tracks it
without verison info.

Mark it as patched in the recipe.

[1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit b483760dba76bb66bad820ea0246a38692c28c45)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-oe/recipes-devtools/nodejs/nodejs_22.22.2.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_22.22.2.bb b/meta-oe/recipes-devtools/nodejs/nodejs_22.22.2.bb
index c64cc5b7c2..2b04c6df97 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_22.22.2.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_22.22.2.bb
@@ -218,6 +218,7 @@  python __anonymous () {
 
 BBCLASSEXTEND = "native"
 
+CVE_STATUS[CVE-2026-21710] = "fixed-version: fixed since v22.22.2"
 CVE_STATUS[CVE-2026-21712] = "cpe-incorrect: only v24 and v25 are affected"
 CVE_STATUS[CVE-2026-21713] = "fixed-version: fixed since v22.22.2"
 CVE_STATUS[CVE-2026-21714] = "fixed-version: fixed since v22.22.2"

[meta-oe,whinlatter] nodejs: mark CVE-2026-21710 patched

Commit Message

Patch